IntSights App for Splunk SOAR (Phantom)

The IntSights Splunk App for Splunk SOAR is an integration between Rapid7 Digital Risk Protection (Threat Command) and the following Splunk products:

  • Splunk SOAR on-prem
  • Splunk SOAR Cloud

The integration enables Splunk users to import IOCs, alerts, and vulnerabilities (CVEs) from Digital Risk Protection (Threat Command) and to correlate them in the Splunk environment. Imported values are automatically updated in Splunk, enabling a single-pane-of-glass view.

This section describes how to install and configure the IntSights Splunk App for Splunk SOAR.

This section assumes familiarity with both the Splunk SOAR platform and Rapid7 Digital Risk Protection (Threat Command).